jokes54321
New Contributor III

Gracefully remove real server from load balancing with health monitor?

We have a pair of Fortigate 1500d in an active/active configuration in our new datacenter and will have numerous websites load balanced behind them. Our software development team is now setting up the automation of web application deployments in this new datacenter and their plan was to handle it the same way we do in our current datacenter, by renaming a file on the web server that is being monitored by a health monitor and having the load balancer take it offline. While the Fortigate can do this part, we discovered it's immediately taking the real server offline, breaking session state.

Is there any way to have a health monitor gracefully take a real server offline and prevent new sessions, but let current sessions wrap up? This is how our current load balancer works.

If the above is not an option, does the Fortigate offer an API where automation can gracefully take a real server offline for updates?

 

Denny

yanivabo
New Contributor

Hello.

Any response regarding this problem?

I have the same problem.

Regards,

yaniv

jokes54321
New Contributor III

Hi Yaniv,

 

We have not received any responses regarding this. We've also discovered that using the GUI to take a node offline isn't graceful either. The moment you stop the node in the Monitor - Load Balancer GUI, it appears to kill all sessions on the server. Not very graceful.

We're on 5.4.0, so hopefully this will get fixed in a future version.

emnoc
Esteemed Contributor III

You need the equal of an F5 ltm-monitor health-monitor disable string. I don't recall this as an option in 5.2.x and not sure about 5.4.x. Since the check is a simple get and match, you don't have a means for graceful sessions.

Either way a FGT is not a 100% ADC imho.

PCNSE 

NSE 

StrongSwan  

jokes54321
New Contributor III

Yeah, I cannot agree with you more. It's always unfortunate to realize this stuff post sale, after 6 months into it.

 

 

 

emnoc
Esteemed Contributor III

Even more shocking, the FortiADC does not have this also.

So I would start with an NFR (new feature request) and cite any other major ADC server ion, a10, big-ip and see what they say. I highly doubt they would do this in a fortigate 1st but who knows, YMMV. FTNT does take some NFR with priority but again YMMV and realtime experience varies imho.

If you need true ADC function you buy a solid ADC platform, and the FortiXXXX product lineup is not one of them ;)

 

 

Ken

 

PCNSE 

NSE 

StrongSwan  
